---
title: "FreeBSD 4.8-RELEASE Errata"
sidenav: download
---

++++


<h3 class="CORPAUTHOR">The FreeBSD Project</h3>

<p class="COPYRIGHT">Copyright &copy; 2000, 2001, 2002, 2003 by The FreeBSD Documentation
Project</p>

<p class="PUBDATE">$FreeBSD: src/release/doc/en_US.ISO8859-1/errata/article.sgml,v
1.1.2.113 2003/10/06 04:21:21 bmah Exp $<br />
</p>

<hr />
</div>

<blockquote class="ABSTRACT">
<div class="ABSTRACT"><a id="AEN12" name="AEN12"></a>
<p>This document lists errata items for FreeBSD 4.8-RELEASE, containing significant
information discovered after the release or too late in the release cycle to be otherwise
included in the release documentation. This information includes security advisories, as
well as news relating to the software or documentation that could affect its operation or
usability. An up-to-date version of this document should always be consulted before
installing this version of FreeBSD.</p>

<p>This errata document for FreeBSD 4.8-RELEASE will be maintained until the release of
FreeBSD 4.9-RELEASE.</p>
</div>
</blockquote>

<div class="SECT1">
<hr />
<h1 class="SECT1"><a id="AEN15" name="AEN15">1 Introduction</a></h1>

<p>This errata document contains ``late-breaking news'' about FreeBSD 4.8-RELEASE. Before
installing this version, it is important to consult this document to learn about any
post-release discoveries or problems that may already have been found and fixed.</p>

<p>Any version of this errata document actually distributed with the release (for
example, on a CDROM distribution) will be out of date by definition, but other copies are
kept updated on the Internet and should be consulted as the ``current errata'' for this
release. These other copies of the errata are located at <a
href="http://www.FreeBSD.org/releases/"
target="_top">http://www.FreeBSD.org/releases/</a>, plus any sites which keep up-to-date
mirrors of this location.</p>

<p>Source and binary snapshots of FreeBSD 4-STABLE also contain up-to-date copies of this
document (as of the time of the snapshot).</p>

<p>For a list of all FreeBSD CERT security advisories, see <a
href="http://www.FreeBSD.org/security/"
target="_top">http://www.FreeBSD.org/security/</a> or <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/"
target="_top">ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/</a>.</p>
</div>

<div class="SECT1">
<hr />
<h1 class="SECT1"><a id="AEN26" name="AEN26">2 Security Advisories</a></h1>

<p>A buffer overflow in header parsing exists in older versions of <b
class="APPLICATION">sendmail</b>. It could allow a remote attacker to create a
specially-crafted message that may cause <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=sendmail&amp;sektion=8&amp;manpath=FreeBSD+4.8-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">sendmail</span>(8)</span></a> to
execute arbitrary code with the privileges of the user running it, typically <tt
class="USERNAME">root</tt>. More information, including pointers to patches, can be found
in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:07.sendmail.asc"
target="_top">FreeBSD-SA-03:07</a>. This problem was corrected for FreeBSD 4.8-RELEASE
with a vendor patch and was corrected for FreeBSD 4.9-RC with the import of a new version
of <b class="APPLICATION">sendmail</b>. However, these changes may not otherwise have
been noted in the release documentation.</p>

<p>The implementation of the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=realpath&amp;sektion=3&amp;manpath=FreeBSD+4.8-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">realpath</span>(3)</span></a>
function contains a single-byte buffer overflow bug. This may have various impacts,
depending on the application using <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=realpath&amp;sektion=3&amp;manpath=FreeBSD+4.8-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">realpath</span>(3)</span></a> and
other factors. This bug has been fixed on the 4.8-RELEASE security fix branch and the
4-STABLE development branch. For more information, see security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:08.realpath.asc"
target="_top">FreeBSD-SA-03:08</a>.</p>

<p>The kernel contains a bug that could allow it to attempt delivery of invalid signals,
leading to a kernel panic. This bug has been fixed on the 4-STABLE development branch and
the 4.8-RELEASE security fix branch. For more information, see security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:09.signal.asc"
target="_top">FreeBSD-SA-03:09</a>.</p>

<p>A bug in the iBCS2 emulation module could result in disclosing the contents of kernel
memory. (Note that this module is not enabled in FreeBSD by default.) This bug has been
fixed on the 4-STABLE development branch and the 4.8-RELEASE security fix branch. More
information can be found in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:10.ibcs2.asc"
target="_top">FreeBSD-SA-03:10</a>.</p>

<p>A programming error in the <b class="APPLICATION">sendmail</b> implementation of its
``DNS maps'' feature could lead to a <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=sendmail&amp;sektion=8&amp;manpath=FreeBSD+4.8-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">sendmail</span>(8)</span></a>
child process crashing or behaving incorrectly. This error has been fixed with a patch on
the 4.8-RELEASE security fix branch and with the import of a new version of <b
class="APPLICATION">sendmail</b> on the 4-STABLE development branch. (Note that the DNS
maps feature is not used by the default configuration files shipped with FreeBSD.) More
information can be found in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:11.sendmail.asc"
target="_top">FreeBSD-SA-03:11</a>.</p>

<p><b class="APPLICATION">OpenSSH</b> contains a bug in its buffer management code that
could potentially cause it to crash. This bug has been fixed via a vendor-supplied patch
on the 4-STABLE development branch and the 4.8-RELEASE security fix branch. For more
details, refer to security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:12.openssh.asc"
target="_top">FreeBSD-SA-03:12</a>.</p>

<p><b class="APPLICATION">sendmail</b> contains a remotely-exploitable buffer overflow.
This bug has been fixed via a vendor-supplied patch on the 4-STABLE development branch
and the 4.8-RELEASE security fix branch. More details can be found in security advisory
<a href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:13.sendmail.asc"
target="_top">FreeBSD-SA-03:13</a>.</p>

<p>The FreeBSD ARP code contains a bug that could allow the kernel to cause resource
starvation which eventually results in a system panic. This bug has been fixed on the
4-STABLE development branch and the 4.8-RELEASE security fix branch. More information can
be found in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:14.arp.asc"
target="_top">FreeBSD-SA-03:14</a>.</p>

<p>Several bugs in the <b class="APPLICATION">OpenSSH</b> PAM authentication code could
have impacts ranging from incorrect authentication to a stack corruption. These have been
corrected via vendor-supplied patches; details can be found in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:15.openssh.asc"
target="_top">FreeBSD-SA-03:15</a>.</p>

<p>The implementation of the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=readv&amp;sektion=2&amp;manpath=FreeBSD+4.8-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">readv</span>(2)</span></a> system
call contains a bug which could potentially cause a system crash or privilege escalation.
This bug has been fixed on the 4-STABLE development branch and the 4.8-RELEASE security
fix branch. More information can be found in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:16.filedesc.asc"
target="_top">FreeBSD-SA-03:16</a>.</p>

<p>The implementation of the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=procfs&amp;sektion=5&amp;manpath=FreeBSD+4.8-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">procfs</span>(5)</span></a> and
the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=linprocfs&amp;sektion=5&amp;manpath=FreeBSD+4.8-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">linprocfs</span>(5)</span></a>
contain a bug that could result in disclosing the contents of kernel memory. This bug has
been fixed on the 4-STABLE development branch and the 4.8-RELEASE security fix branch.
More information can be found in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:17.procfs.asc"
target="_top">FreeBSD-SA-03:17</a>.</p>

<p><b class="APPLICATION">OpenSSL</b> contains several bugs which could allow a remote
attacker to crash an <b class="APPLICATION">OpenSSL</b>-using application or to execute
arbitrary code with the privileges of the application. These bugs have been fixed with
the import of a new version of <b class="APPLICATION">OpenSSL</b> on the 4-STABLE
development branch and with a vendor-supplied patch on the 4.8-RELEASE security fix
branch. Note that only applications that use <b class="APPLICATION">OpenSSL</b>'s ASN.1
or X.509 handling code are affected (<b class="APPLICATION">OpenSSH</b> is unaffected,
for example). More information can be found in security advisory <a
href="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:18.openssl.asc"
target="_top">FreeBSD-SA-03:18</a>.</p>
</div>

<div class="SECT1">
<hr />
<h1 class="SECT1"><a id="AEN87" name="AEN87">3 Late-Breaking News</a></h1>

<p>Due to some problems discovered very late in the release cycle, the ISO images and FTP
install directories for FreeBSD 4.8-RELEASE/i386 needed to be re-generated and
re-uploaded to the FTP mirror sites. For reference, the final ISO images have checksums
computed via <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=md5&amp;sektion=1&amp;manpath=FreeBSD+4.8-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">md5</span>(1)</span></a> as
follows:</p>

<pre class="PROGRAMLISTING">
MD5 (4.8-RELEASE-i386-disc1.iso) = c4e34b6a6be5cd1977ca206bf821c7fc
MD5 (4.8-RELEASE-i386-disc2.iso) = 93b09f97c01deead302557d7d24f87cb
MD5 (4.8-RELEASE-i386-mini.iso) = 5f0d2576dbb56d6ec85d49ac9fa4bbf9
</pre>

<p>Some parts of the documentation may incorrectly give the release date of FreeBSD
4.8-RELEASE as March 2003, rather than April 2003.</p>

<p>FreeBSD 4.8-RELEASE restores the ability to install from the installation media to a
<a
href="http://www.FreeBSD.org/cgi/man.cgi?query=mly&amp;sektion=4&amp;manpath=FreeBSD+4.8-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">mly</span>(4)</span></a> device.
(This capability was broken in FreeBSD 4.7-RELEASE.)</p>

<p>After installing <b class="APPLICATION">GNOME</b>, the default terminal font might be
garbled. If this is the case, install the <tt
class="FILENAME">x11-fonts/bitstream-vera</tt> port, then restart <b
class="APPLICATION">GNOME</b>. The new fonts should take effect automatically. If they do
not, edit the current gnome-terminal profile and select the Bitstream Vera Sans Mono
font.</p>

<p>Due to space limitations, the <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=awi&amp;sektion=4&amp;manpath=FreeBSD+4.8-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">awi</span>(4)</span></a> driver
has been removed from the kernel used on the 1.44MB <tt class="FILENAME">kern.flp</tt>
i386 boot floppy. Because no module is available for this driver in FreeBSD 4.8-RELEASE,
this means that it is generally not possible to install FreeBSD 4.8-RELEASE over an <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=awi&amp;sektion=4&amp;manpath=FreeBSD+4.8-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">awi</span>(4)</span></a>
network.</p>

<p>Due to space limitations, support for ATAPI floppy disks and the DEC AlphaServer 8200
and 8400 (``TurboLaser'') machines has been removed from the kernel used on the 1.44MB
<tt class="FILENAME">kern.flp</tt> alpha boot floppy.</p>

<p>A bug in the FreeBSD 4.8-RELEASE kernel prevents it from booting on an Intel 80386
processor. This problem has been corrected on both the 4.8-RELEASE security fix branch
and the 4-STABLE development branch.</p>

<p>FreeBSD supports a hashed form of the login capabilities database, stored in <tt
class="FILENAME">/etc/login.conf.db</tt>. This is generated from the <tt
class="FILENAME">/etc/login.conf</tt> text file. If the hashed database is present, <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=login&amp;sektion=1&amp;manpath=FreeBSD+4.8-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">login</span>(1)</span></a> will
use it in preference to the contents of the text file. FreeBSD 4.8-RELEASE is the first
release that actually includes <tt class="FILENAME">/etc/login.conf.db</tt> on the
distribution media; thus, users modifying <tt class="FILENAME">/etc/login.conf</tt> need
to remember to regenerate the database, using <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=cap_mkdb&amp;sektion=1&amp;manpath=FreeBSD+4.8-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">cap_mkdb</span>(1)</span></a>.
Users performing source upgrades are generally not affected by this change, because <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=mergemaster&amp;sektion=8&amp;manpath=FreeBSD+4.8-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">mergemaster</span>(8)</span></a>
offers the option to regenerate <tt class="FILENAME">/etc/login.conf.db</tt> during
upgrades. <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=login.conf&amp;sektion=5&amp;manpath=FreeBSD+4.8-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">login.conf</span>(5)</span></a>
has more details on the format and usage of the login capabilities database.</p>

<p>A file that is a part of the <tt class="FILENAME">multimedia/gstreamer-plugins</tt>
port may appear to have a corrupted filename when the ports collection is installed using
<a
href="http://www.FreeBSD.org/cgi/man.cgi?query=sysinstall&amp;sektion=8&amp;manpath=FreeBSD+4.8-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">sysinstall</span>(8)</span></a>.
This should not affect building the port or installing the corresponding package.
However, it is recommended to rename the file in question, to prevent problems during any
future updates to the installed ports collection:</p>

<pre class="SCREEN">
<tt class="PROMPT">#</tt> <tt
class="USERINPUT"><b>cd /usr/ports/multimedia/gstreamer-plugins/files</b></tt>
<tt class="PROMPT">#</tt> <tt
class="USERINPUT"><b>mv patch-gst-libs_ext_ffmpeg_ffmpeg_libavcodec_alpha_simple_i \
patch-gst-libs_ext_ffmpeg_ffmpeg_libavcodec_alpha_simple_idct_alpha.c</b></tt>
</pre>

<p>Recently the mailing lists were changed from majordomo to the currently used Mailman
list server. More information about using the new mailing lists can be found by visiting
the <a href="http://www.FreeBSD.org/mailman/listinfo/" target="_top">FreeBSD Mailman Info
Page</a>.</p>

<p>The <a
href="http://www.FreeBSD.org/cgi/man.cgi?query=dc&amp;sektion=4&amp;manpath=FreeBSD+4.8-stable">
<span class="CITEREFENTRY"><span class="REFENTRYTITLE">dc</span>(4)</span></a> driver
does not properly transmit data through Davicom DC9102 cards. This problem, which has
been present since FreeBSD 4.5-RELEASE, has been corrected for FreeBSD 4.9-RC.</p>
</div>
</div>

<hr />
<p align="center"><small>This file, and other release-related documents, can be
downloaded from <a
href="http://snapshots.jp.FreeBSD.org/">http://snapshots.jp.FreeBSD.org/</a>.</small></p>

<p align="center"><small>For questions about FreeBSD, read the <a
href="http://www.FreeBSD.org/docs.html">documentation</a> before contacting &#60;<a
href="mailto:questions@FreeBSD.org">questions@FreeBSD.org</a>&#62;.</small></p>

<p align="center"><small><small>All users of FreeBSD 4-STABLE should subscribe to the
&#60;<a href="mailto:stable@FreeBSD.org">stable@FreeBSD.org</a>&#62; mailing
list.</small></small></p>

<p align="center">For questions about this documentation, e-mail &#60;<a
href="mailto:doc@FreeBSD.org">doc@FreeBSD.org</a>&#62;.</p>

<br />
<br />
++++


